You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Uwe Eisele (Jira)" <ji...@apache.org> on 2021/06/22 21:19:00 UTC
[jira] [Commented] (KAFKA-12790) Fix
SslTransportLayerTest.testUnsupportedTlsVersion with JDK 16
[ https://issues.apache.org/jira/browse/KAFKA-12790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17367686#comment-17367686 ]
Uwe Eisele commented on KAFKA-12790:
------------------------------------
It looks like that the test also no longer runs on JDK 11. Basically its stated in https://bugs.openjdk.java.net/browse/JDK-8256490 which says that as of JDK 11.0.11 TLSv1.1 is disabled by default.
I executed the test in a Docker container with JDK 11.0.10 and JDK 11.0.11 (see https://github.com/ueisele/kafka/tree/fix/ssltransportlayertest/ci).
JDK 11.0.10
{code:java}
./ci/do_in_docker 11.0.10 ./gradlew clients:unitTest --tests SslTransportLayerTest.testUnsupportedTLSVersion --rerun-tasks
...
> Task :clients:unitTest
SslTransportLayerTest > [1] tlsProtocol=TLSv1.2, useInlinePem=false PASSED
SslTransportLayerTest > [2] tlsProtocol=TLSv1.2, useInlinePem=true PASSED
SslTransportLayerTest > [3] tlsProtocol=TLSv1.3, useInlinePem=false PASSED
{code}
JDK 11.0.11
{code:java}
./ci/do_in_docker 11.0.11 ./gradlew clients:unitTest --tests SslTransportLayerTest.testUnsupportedTLSVersion --rerun-tasks
...
> Task :clients:unitTest
org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[1] failed, log available in /home/appuser/kafka/clients/build/reports/testOutput/org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[1].test.stdout
SslTransportLayerTest > [1] tlsProtocol=TLSv1.2, useInlinePem=false FAILED
org.opentest4j.AssertionFailedError: Condition not met within timeout 15000. Metric not updated failed-authentication-total expected:<1.0> but was:<0.0> ==> expected: <true> but was: <false>
at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55)
at org.junit.jupiter.api.AssertTrue.assertTrue(AssertTrue.java:40)
at org.junit.jupiter.api.Assertions.assertTrue(Assertions.java:193)
at org.apache.kafka.test.TestUtils.lambda$waitForCondition$3(TestUtils.java:303)
at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:351)
at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:319)
at org.apache.kafka.test.TestUtils.waitForCondition(TestUtils.java:300)
at org.apache.kafka.common.network.NioEchoServer.waitForMetrics(NioEchoServer.java:196)
at org.apache.kafka.common.network.NioEchoServer.verifyAuthenticationMetrics(NioEchoServer.java:155)
at org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(SslTransportLayerTest.java:644)
org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[2] failed, log available in /home/appuser/kafka/clients/build/reports/testOutput/org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[2].test.stdout
SslTransportLayerTest > [2] tlsProtocol=TLSv1.2, useInlinePem=true FAILED
org.opentest4j.AssertionFailedError: Condition not met within timeout 15000. Metric not updated failed-authentication-total expected:<1.0> but was:<0.0> ==> expected: <true> but was: <false>
at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55)
at org.junit.jupiter.api.AssertTrue.assertTrue(AssertTrue.java:40)
at org.junit.jupiter.api.Assertions.assertTrue(Assertions.java:193)
at org.apache.kafka.test.TestUtils.lambda$waitForCondition$3(TestUtils.java:303)
at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:351)
at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:319)
at org.apache.kafka.test.TestUtils.waitForCondition(TestUtils.java:300)
at org.apache.kafka.common.network.NioEchoServer.waitForMetrics(NioEchoServer.java:196)
at org.apache.kafka.common.network.NioEchoServer.verifyAuthenticationMetrics(NioEchoServer.java:155)
at org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(SslTransportLayerTest.java:644)
org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[3] failed, log available in /home/appuser/kafka/clients/build/reports/testOutput/org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(Args)[3].test.stdout
SslTransportLayerTest > [3] tlsProtocol=TLSv1.3, useInlinePem=false FAILED
org.opentest4j.AssertionFailedError: Condition not met within timeout 15000. Metric not updated failed-authentication-total expected:<1.0> but was:<0.0> ==> expected: <true> but was: <false>
at org.junit.jupiter.api.AssertionUtils.fail(AssertionUtils.java:55)
at org.junit.jupiter.api.AssertTrue.assertTrue(AssertTrue.java:40)
at org.junit.jupiter.api.Assertions.assertTrue(Assertions.java:193)
at org.apache.kafka.test.TestUtils.lambda$waitForCondition$3(TestUtils.java:303)
at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:351)
at org.apache.kafka.test.TestUtils.retryOnExceptionWithTimeout(TestUtils.java:319)
at org.apache.kafka.test.TestUtils.waitForCondition(TestUtils.java:300)
at org.apache.kafka.common.network.NioEchoServer.waitForMetrics(NioEchoServer.java:196)
at org.apache.kafka.common.network.NioEchoServer.verifyAuthenticationMetrics(NioEchoServer.java:155)
at org.apache.kafka.common.network.SslTransportLayerTest.testUnsupportedTLSVersion(SslTransportLayerTest.java:644)
3 tests completed, 3 failed
{code}
To execute tests which require TLSv1.1 support with current JDKs, TLSv1.1 must be removed from the `jdk.tls.disabledAlgorithms` security property in the `java.security` configuration file.
I also tested this and in this case I could execute the test testUnsupportedTlsVersion with the newest version of JDK 11.
I now, this task is about JDK 16, but for me it looks like that also for JDK 16 the reason is that TLSv1.1 has been disabled by default.
> Fix SslTransportLayerTest.testUnsupportedTlsVersion with JDK 16
> ---------------------------------------------------------------
>
> Key: KAFKA-12790
> URL: https://issues.apache.org/jira/browse/KAFKA-12790
> Project: Kafka
> Issue Type: Sub-task
> Reporter: Ismael Juma
> Assignee: Rajini Sivaram
> Priority: Major
> Fix For: 3.0.0
>
>
> Details can be found in the PR:
> https://github.com/apache/kafka/pull/10415#issuecomment-808230478
--
This message was sent by Atlassian Jira
(v8.3.4#803005)